Enable different Apache modules

NOTE: We are in the process of modifying the file structure and configuration for many Bitnami stacks. On account of these changes, the file paths stated in this guide may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and what approach to follow, run the command below:

 $ test ! -f "installdir/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."

The output of the command indicates which approach (A or B) is used by the installation, and will allow you to identify the paths, configuration and commands to use in this guide. Refer to the FAQ for more information on these changes.

LDAP

Bitnami stacks already ship the LDAP module installed in Apache but it is not enabled by default. To enable this module, follow these steps:

• Enable the LDAP module. Edit the main Apache configuration file located at installdir/apache2/conf/httpd.conf. Uncomment the mod_authnz_ldap line and add the mod_ldap line at the end of the LoadModule section:

  ...
  LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
  ...
  LoadModule ldap_module modules/mod_ldap.so
  

• Restart Apache server and check it is already enabled:

  $ sudo installdir/ctlscript.sh restart apache
  $ installdir/apache2/bin/apachectl -M | grep ldap
  ...
  authnz_ldap_module (shared)
  ldap_module (shared)
  ...
  

mod_evasive

Follow these steps:

• Download the latest version:

  $  git clone https://github.com/jzdziarski/mod_evasive/
  

• Build, configure and install the module:

  $ cd mod_evasive
  $ cp mod_evasive{20,24}.c
  $ sed s/remote_ip/client_ip/g -i mod_evasive24.c
  $ sudo apxs -i -a -c mod_evasive24.c
  

• Update the Apache module configuration:

  $ echo Include conf/modevasion.conf | sudo tee -a installdir/apache2/conf/httpd.conf
  $ sudo tee installdir/apache2/conf/modevasion.conf <<EOF
  #increases size of hash table. Good, but uses more RAM."
  DOSHashTableSize    3097"
  #Interval, in seconds, of the page interval."
  DOSPageInterval     1"
  #Interval, in seconds, of the site interval."
  DOSSiteInterval     1"
  #period, in seconds, a client is blocked.  The counter is reset to 0 with every access within this interval."
  DOSBlockingPeriod   10"
  #threshold of requests per page, per page interval.  If hit == block."
  DOSPageCount        2"
  #threshold of requests for any object by the same ip, on the same listener, per site interval."
  DOSSiteCount        50"
  #locking mechanism prevents repeated calls.  email can be sent when host is blocked (leverages the following by default "/bin/mail -t %s")"
  DOSEmailNotify      mbrown@domainy.com"
  #locking mechanism prevents repeated calls.  A command can be executed when a host is blocked.  %s is the host IP."
  #DOSSystemCommand    \"su - someuser -c \'/sbin/... %s ...\'\""
  #DOSLogDir           \"/var/lock/mod_evasive\""
  #whitelist an IP., leverage wildcards, not CIDR, like 127.0.0.*"
  #DOSWhiteList 127.0.0.1"
  EOF
  

• Restart Apache:

  $ sudo installdir/ctlscript.sh restart apache
  

mod_proxy_html

Follow these steps:

Approach A: Bitnami installations using system packages

• Install the libxml2 development system package:

  • Debian:

    $ sudo apt-get install libxml2-dev
    

    • CentOS:

      $ sudo yum install libxml2-devel

• Download the latest version and extract the contents:

  $ wget http://apache.webthing.com/mod_proxy_html/mod_proxy_html.tar.bz2
  $ tar -jxf mod_proxy_html.tar.bz2
  $ cd mod_proxy_html/
  

• Install the module:

  $ sudo apxs -c $(xml2-config --cflags) $(xml2-config --libs) -i mod_proxy_html.c
  $ sudo apxs -c $(xml2-config --cflags) $(xml2-config --libs) -i mod_xml2enc.c
  $ sudo chmod 755 installdir/apache2/modules/mod_proxy_html.so installdir/apache2/modules/mod_xml2enc.so
  

• Enable the module by including the lines below in the installdir/apache2/conf/httpd.conf configuration file:

  LoadModule proxy_html_module modules/mod_proxy_html.so
  LoadModule xml2enc_module modules/mod_xml2enc.so
  

Approach B: Self-contained Bitnami installations

• Download the latest version and extract the contents:

  $ wget http://apache.webthing.com/mod_proxy_html/mod_proxy_html.tar.bz2
  $ tar -jxf mod_proxy_html.tar.bz2
  $ cd mod_proxy_html/
  

• Install the module:

  $ sudo apxs -c -I installdir/common/include/libxml2 -I. -i mod_proxy_html.c
  $ sudo apxs -c -I installdir/common/include/libxml2 -I. -i mod_xml2enc.c
  $ sudo chmod 755 installdir/apache2/modules/mod_proxy_html.so installdir/apache2/modules/mod_xml2enc.so
  

• Enable the module by including the lines below in the installdir/apache2/conf/httpd.conf configuration file:

  LoadFile installdir/common/lib/libxml2.so
  LoadModule proxy_html_module modules/mod_proxy_html.so
  LoadModule xml2enc_module modules/mod_xml2enc.so
  

mod_security

Approach A: Bitnami installations using system packages

Bitnami stacks using system packages already ship the mod_security3 module installed in Apache but it is not enabled by default. To enable this module, follow these steps:

• Enable the mod_security3 and mod_unique_id modules in Apache. Edit the main Apache configuration file and uncomment the unique_id_module. Then, add the mod_security3 line at the end of the LoadModule section:

  ...
  LoadModule unique_id_module modules/mod_unique_id.so
  ...
  LoadModule security3_module modules/mod_security3.so
  

• Enable ModSecurity in each virtual host file. For example, add the following configuration to the installdir/apache2/conf/vhosts/APPNAME-vhost.conf file:

  <VirtualHost _default_:80>
  ...
  <Directory "/path/to/htdocs">
    ...
    modsecurity on
    modsecurity_rules_file "conf/modsecurity.conf"
  

• Restart the Apache server:

  $ sudo installdir/ctlscript.sh restart apache
  $ tail installdir/apache2/logs/error_log
  
  ...
  [Thu Jun 04 16:42:24.775180 2020] [:notice] [pid 4634:tid 140252742151040] ModSecurity: ModSecurity-Apache v0.1.1-beta configured.
  ...
  

Approach B: Self-contained Bitnami installations

• Enable the mod_security2 and mod_unique_id modules in Apache. Edit the main Apache configuration file and uncomment the unique_id_module. Then, add the mod_security2 line at the end of the LoadModule section:

  ...
  LoadModule unique_id_module modules/mod_unique_id.so
  ...
  LoadModule security2_module modules/mod_security2.so
  

• Add the default configuration file for mod_security at the end of the Apache configuration file:

  Include "installdir/apache2/conf/modsecurity.conf"
  

• Restart Apache server and check it is already enabled:

  $ sudo installdir/ctlscript.sh restart apache
  $ tail installdir/apache2/logs/error_log
  
  ...
  [Thu Jan 30 18:42:14.004246 2014] [:notice] [pid 1127] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
  ...
  

In some older stack versions, it is necessary to download an additional file for this module. Use the following commands:

$ cd installdir/apache2/conf
$ sudo wget https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v2/master/unicode.mapping

mod_xsendfile

Approach A: Bitnami installations using system packages

Follow these steps:

• Download the latest version of the module:

  $ wget https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.gz
  

• Extract the content and install the module:

  $ tar -xzvf mod_xsendfile-0.12.tar.gz
  $ cd mod_xsendfile-0.12
  $ sudo apxs -aci mod_xsendfile.c
  

If everything goes well, the module will be installed as installdir/apache2/modules/mod_xsendfile.so. Check the mod_xsendfile configuration page to find out how to configure this module for your application.

Approach B: Self-contained Bitnami installations

Bitnami LAMP/MAMP/WAMP stacks 5.4.13-2 and later include the mod_xsendfile module. To enable this module, add the following line in the Apache configuration file:

LoadModule xsendfile_module modules/mod_xsendfile.so

If you are using an older version, it is easy to install this module into your existing Apache server. Follow the steps below: * First, install the necessary compilation tools to be able to build the Apache extension. On Ubuntu/Debian you can do it with the following command:

    $ sudo apt-get install build-essential

• Download the latest version of the module:

  $ wget https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.gz
  

• Extract the content and install the module:

  $ tar -xzvf mod_xsendfile-0.12.tar.gz
  $ cd mod_xsendfile-0.12
  $ sudo installdir/apache2/bin/apxs -aci mod_xsendfile.c
  

If everything goes well, the module will be installed as installdir/apache2/modules/mod_xsendfile.so. Check the mod_xsendfile configuration page to find out how to configure this module for your application.

mod_http2

Bitnami stacks ship with the mod_http2 module installed, but it is not enabled by default. To enable this module, follow these steps:

• Edit the main Apache configuration file at installdir/apache2/conf/httpd.conf and uncomment the line below so that it looks like this:

  ...
  LoadModule http2_module modules/mod_http2.so
  

• Restart Apache and confirm that the module is active:

  $ sudo installdir/ctlscript.sh restart apache
  $ sudo apachectl -M | grep http2
  

• Enable HTTP 2 support in your virtual host.